Do Two Covered Entities Need A Business Associate Agreement

Question: If we use an offshore business partner, should they follow HIPAA? Can we use someone in another country?

If an entity does not meet the definition of a covered entity or business associate, it is not required to comply with the HIPAA rules. See the definitions of "business associate" and "covered entity" at 45 CFR 160.103. Not all doctors need a BAA. The easiest way to tell is to determine whether you are a so-called "covered" entity and whether you are subject to HIPAA rules. Ask yourself these two questions:

If a business associate or subcontractor violates or fails to comply with a BAA, the covered entity must take appropriate steps to correct the violation or end it. "If such measures fail, they must terminate the contract or agreement," HHS explains. "If termination of the contract or agreement is not possible, a covered entity is required to report the issue to the HHS Office for Civil Rights."

A company that maintains [PHI] on behalf of a covered entity is a business associate and not a conduit, even if the company does not actually look at the [PHI]. We recognize that in both situations, the entity that provides the service to the covered entity has the opportunity to access the [PHI]. However, the difference between the two situations lies in the transient versus persistent nature of this opportunity. For example, a data storage company that has access to [PHI] (digital or paper) is classified as a business associate, even if the entity does not look at it or looks at it only on a random or infrequent basis. Likewise, document storage companies that maintain [PHI] on behalf of covered entities are considered business associates, whether or not they actually view the information they retain.

Answer: Offshore business associates are permitted under HIPAA, and the law applies to them in the same way as it does within the United States.

As a covered entity, you want your business associate agreement to require the associate to accept the jurisdiction of the U.S. courts. A BAA is a signed document that confirms the willingness of a third-party supplier to take responsibility for the safety of your customers' PHI, to maintain appropriate security measures, and to meet HIPAA requirements when handling PHI on your behalf. BAAs are necessary if you are a covered entity. Be sure to follow the BAA's signature process and file the signed agreement in a safe and accessible location.
